Hallo
auf meiner seite kann man html-code posten. ich möchte aber natürlich javascript vollständig ausmisten (xss-angriff).
reicht mein code dazu aus oder gibts da noch schlupflöcher:
// Blacklist pass over the user-submitted markup: every occurrence of one of
// the tokens below (matched case-insensitively, anywhere in the string) is
// replaced by "..". str_ireplace() processes an array of needles in the
// order given, so this single call performs the same sequence of
// substitutions as one call per token.
//
// NOTE(review): a token blacklist is not a sufficient XSS defence.
//   - The list names only some event-handler attributes and script-carrying
//     constructs; anything not listed passes through untouched.
//   - Matching is on literal substrings of the raw input, whereas a browser
//     normalises markup before interpreting it, so filter and parser can
//     disagree about what the input means.
//   - Harmless visible text is rewritten as well (e.g. the word "cookie").
// Where users must be able to post HTML, parse the input and rebuild it from
// an allowlist of tags, attributes and URL schemes with a maintained
// sanitizer (e.g. HTML Purifier); where HTML is not required, escape on
// output with htmlspecialchars(). A Content-Security-Policy and HttpOnly
// session cookies are useful as additional layers, not as a replacement.
$article = str_ireplace(
    array(
        "<script",
        "javascript:",
        // event-handler attribute names
        "onunload",
        "onsubmit",
        "onselect",
        "onreset",
        "onmouseup",
        "onmouseover",
        "onmouseout",
        "onmousemove",
        "onmousedown",
        "onload",
        "onkeyup",
        "onkeypress",
        "onkeydown",
        "onfocus",
        "onerror",
        "ondblclick",
        "onclick",
        "onchange",
        "onblur",
        "onabort",
        // blocks the literal word wherever it appears, including plain text
        "cookie",
    ),
    "..",
    $article
);
Vielen Dank